inspec-core 3.7.1 → 3.7.11

data/lib/plugins/inspec-habitat/templates/habitat/config/inspec_exec_config.json.erb

@@ -0,0 +1,25 @@
+{
+  "target_id": "{{ sys.member_id }}",
+  "reporter": {
+    "cli": {
+      "stdout": {{cfg.report_to_stdout}}
+    },
+    "json": {
+      "file": "{{pkg.svc_path}}/logs/inspec_last_run.json"
+    }{{#if cfg.automate.token ~}},
+    "automate" : {
+      "url": "{{cfg.automate.url}}/data-collector/v0/",
+      "token": "{{cfg.automate.token}}",
+      "node_name": "{{ sys.hostname }}",
+      "verify_ssl": false
+    }{{/if ~}}
+  }
+  {{#if cfg.automate.token }},
+  "compliance": {
+   "server" : "{{cfg.automate.url}}",
+   "token" : "{{cfg.automate.token}}",
+   "user" : "{{cfg.automate.user}}",
+   "insecure" : true,
+   "ent" : "automate"
+  }{{/if }}
+}

data/lib/plugins/inspec-habitat/templates/habitat/default.toml.erb

@@ -0,0 +1,9 @@
+interval = 300
+report_to_stdout = true
+
+# Uncomment and replace values to report to Automate.
+# This can also be applied at runtime via `hab config apply`
+#[automate]
+#url = 'https://chef-automate.test'
+#token = 'TOKEN'
+#user = 'admin'

data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+exec 2>&1
+
+CONFIG="{{pkg.svc_config_path}}/inspec_exec_config.json"
+INTERVAL="{{cfg.interval}}"
+LOG_FILE="{{pkg.svc_path}}/logs/inspec_log.txt"
+PROFILE_IDENT="{{pkg.origin}}/{{pkg.name}}"
+PROFILE_PATH="{{pkg.path}}/{{pkg.name}}-{{pkg.version}}.tar.gz"
+
+while true; do
+  echo "Executing ${PROFILE_IDENT}"
+  exec inspec exec ${PROFILE_PATH} --json-config ${CONFIG} 2>&1 | tee ${LOG_FILE}
+
+  exit_code=$?
+  if [ $exit_code -eq 1 ]; then
+    echo "InSpec run failed."
+  else
+    echo "InSpec run completed successfully."
+    if [ $exit_code -eq 0 ]; then
+      echo "No controls failed or were skipped."
+    elif [ $exit_code -eq 100 ]; then
+      echo "At least 1 control failed."
+    elif [ $exit_code -eq 101 ]; then
+      echo "No controls failed but at least 1 skipped."
+    fi
+  fi
+  echo "Results are logged here: ${LOG_FILE}"
+
+  echo "Sleeping for ${INTERVAL} seconds"
+  sleep ${INTERVAL}
+done

data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb

@@ -0,0 +1,85 @@
+pkg_name=<%= "inspec-profile-#{profile.name}" %>
+pkg_version=<%= profile.version %>
+pkg_origin=<%= habitat_origin %>
+pkg_deps=(chef/inspec)
+pkg_build_deps=(chef/inspec core/jq-static)
+pkg_svc_user=root
+<%= "pkg_license='#{profile.metadata.params[:license]}'" if profile.metadata.params[:license]%>
+
+do_before() {
+  # Exit with error if not in the directory with 'inspec.yml'.
+  # This can happen if someone does 'hab studio enter' from within the
+  # 'habitat/' directory.
+  if [ ! -f "$PLAN_CONTEXT/../inspec.yml" ]; then
+    message="ERROR: Cannot find inspec.yml."
+    message="$message Please build from the profile root"
+    build_line "$message"
+
+    return 1
+  fi
+
+  # Execute an 'inspec compliance login' if a profile needs to be fetched from
+  # the Automate server
+  if [ "$(grep "compliance: " "$PLAN_CONTEXT/../inspec.yml")" ]; then
+    _do_compliance_login;
+  fi
+}
+
+do_setup_environment() {
+  set_buildtime_env PROFILE_CACHE_DIR "$HAB_CACHE_SRC_PATH/$pkg_dirname"
+  set_buildtime_env ARCHIVE_NAME "$pkg_name-$pkg_version.tar.gz"
+
+  # InSpec loads `pry` which tries to expand `~`. This fails if HOME isn't set.
+  set_runtime_env HOME "$pkg_svc_var_path"
+
+  # InSpec will create a `.inspec` directory in the user's home directory.
+  # This overrides that to write to a place within the running service's path.
+  # NOTE: Setting HOME does the same currently. This is here to be explicit.
+  set_runtime_env INSPEC_CONFIG_DIR  "$pkg_svc_var_path"
+}
+
+do_unpack() {
+  # Change directory to where the profile files are
+  pushd "$PLAN_CONTEXT/../" > /dev/null
+
+  # Get a list of all files in the profile except those that are Habitat related
+  profile_files=($(ls -I habitat -I results -I "*.hart"))
+
+  mkdir -p "$PROFILE_CACHE_DIR" > /dev/null
+
+  # Copy just the profile files to the profile cache directory
+  cp -r ${profile_files[@]} "$PROFILE_CACHE_DIR"
+}
+
+do_build() {
+  inspec archive "$PROFILE_CACHE_DIR" \
+                 --overwrite \
+                 -o "$PROFILE_CACHE_DIR/$ARCHIVE_NAME"
+}
+
+do_install() {
+  cp "$PROFILE_CACHE_DIR/$ARCHIVE_NAME" "$pkg_prefix"
+}
+
+_do_compliance_login() {
+  if [ -z $COMPLIANCE_CREDS ]; then
+    message="ERROR: Please perform an 'inspec compliance login' and set"
+    message="$message \$HAB_STUDIO_SECRET_COMPLIANCE_CREDS to the contents of"
+    message="$message '~/.inspec/compliance/config.json'"
+    build_line "$message"
+    return 1
+  fi
+
+  user=$(echo $COMPLIANCE_CREDS | jq .user | sed 's/"//g')
+  token=$(echo $COMPLIANCE_CREDS | jq .token | sed 's/"//g')
+  automate_server=$(echo $COMPLIANCE_CREDS | \
+                    jq .server | \
+                    sed 's/\/api\/v0//' | \
+                    sed 's/"//g'
+                   )
+  insecure=$(echo $COMPLIANCE_CREDS | jq .insecure)
+  inspec compliance login --insecure $insecure \
+                          --user $user \
+                          --token $token \
+                          $automate_server
+}

data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile

@@ -0,0 +1,2 @@
+source 'https://supermarket.chef.io'
+metadata

data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/README.md

@@ -0,0 +1,3 @@
+# InSpec Habitat Fixture
+
+Used to setup a server for testing the `inspec-habitat` plugin

data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/files/hab_setup.exp

@@ -0,0 +1,28 @@
+#!/usr/bin/expect -f
+
+set timeout -1
+
+spawn hab setup
+
+expect "Connect to an on-premises bldr instance?"
+send -- "No\r"
+
+expect "Set up a default origin?"
+send -- "Yes\r"
+
+expect "Default origin name"
+send -- "vagrant\r"
+
+expect "Create an origin key for `vagrant'?"
+send -- "Yes\r"
+
+expect "Set up a default Habitat personal access token?"
+send -- "No\r"
+
+expect "Set up a default Habitat Supervisor CtlGateway secret?"
+send -- "No\r"
+
+expect "Enable analytics?"
+send -- "No\r"
+
+expect eof

data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb

@@ -0,0 +1,9 @@
+name 'inspec_habitat_fixture'
+maintainer 'The Authors'
+maintainer_email 'you@example.com'
+license 'All Rights Reserved'
+description 'Used for testing the inspec-habitat plugin'
+version '0.1.0'
+chef_version '>= 13.0'
+
+depends 'habitat'

data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb

@@ -0,0 +1,61 @@
+#
+# Cookbook:: kitchen_setup_cookbook
+# Recipe:: default
+#
+# Copyright:: 2019, The Authors, All Rights Reserved.
+
+package %w(ruby ruby-dev gcc g++ make expect)
+
+base_dir = '/home/vagrant'
+
+cookbook_file "#{base_dir}/inspec-local.gem" do
+  source 'inspec-local.gem'
+  action :create
+end
+
+gem_package 'inspec' do
+  source "#{base_dir}/inspec-local.gem"
+  subscribes :install, "cookbook_file[#{base_dir}/inspec-local.gem]", :immediately
+end
+
+cookbook_file "#{base_dir}/hab_setup.exp" do
+  source 'hab_setup.exp'
+  mode '0755'
+  action :create
+end
+
+hab_install 'install habitat'
+hab_sup 'setup hab supervisor'
+
+execute 'setup hab cli' do
+  command "#{base_dir}/hab_setup.exp"
+  live_stream true
+  not_if { ::File.exist?('/hab/etc/cli.toml') }
+  not_if { ::File.exist?('~/.hab/etc/cli.toml') }
+end
+
+execute 'create inspec profile for testing' do
+  command "inspec init profile #{base_dir}/hab_test_profile"
+  live_stream true
+  creates "#{base_dir}/hab_test_profile"
+end
+
+directory "#{base_dir}/output"
+
+execute 'create hart file from profile' do
+  command "inspec habitat profile create #{base_dir}/hab_test_profile --output_dir '#{base_dir}/output'"
+  live_stream true
+  not_if "find #{base_dir}/output | grep vagrant-inspec-profile-hab_test_profile-0.1.0-.*.hart"
+end
+
+execute 'install vagrant/inspec-profile-hab_test_profile' do
+  command "hab pkg install #{base_dir}/output/*.hart"
+  live_stream true
+  not_if 'hab pkg list --origin vagrant | grep inspec-profile'
+end
+
+execute 'load vagrant/inspec-profile-hab_test_profile into supervisor' do
+  command 'hab svc load vagrant/inspec-profile-hab_test_profile'
+  live_stream true
+  not_if 'sudo hab svc status | grep "vagrant/inspec-profile-hab_test_profile"'
+end

data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb

@@ -0,0 +1,38 @@
+require_relative '../../../shared/core_plugin_test_helper.rb'
+require 'fileutils'
+
+class ProfileCli < MiniTest::Test
+  include CorePluginFunctionalHelper
+
+  def setup
+    @tmpdir = Dir.mktmpdir
+    @habitat_profile = File.join(@tmpdir, 'habitat-profile')
+    run_inspec_process('init profile ' + @habitat_profile)
+  end
+
+  def teardown
+    FileUtils.remove_entry_secure(@tmpdir)
+  end
+
+  def test_setup_subcommand
+    result = run_inspec_process('habitat profile setup ' + @habitat_profile + ' --log-level debug')
+
+    # Command runs without error
+    assert_empty result.stderr
+    assert_equal 0, result.exit_status
+
+    # Command creates only expected files
+    base_dir = File.join(@tmpdir, 'habitat-profile', 'habitat')
+    files = %w{
+      default.toml
+      plan.sh
+      config
+      config/inspec_exec_config.json
+      hooks
+      hooks/run
+    }
+    actual_files = Dir.glob(File.join(base_dir, '**/*'))
+    expected_files = files.map { |x| File.join(base_dir, x) }
+    assert_equal actual_files.sort, expected_files.sort
+  end
+end

data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/README.md

@@ -0,0 +1,3 @@
+# Habitat InSpec Test Profile
+
+This profile is used to test `inspec habitat profile` commands

data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb

@@ -0,0 +1,40 @@
+control 'inspec-habitat-create' do
+  title 'Create command'
+
+  output_hart_dir = '/home/vagrant/output'
+  find_hart_output = command("find #{output_hart_dir} -name '*.hart'").stdout
+  hart_files = find_hart_output.split("\n")
+
+  hab_profile_path = '/home/vagrant/hab_test_profile'
+  find_profile_files_command = "find #{hab_profile_path} -type f -printf '%f\n'"
+  profile_files = command(find_profile_files_command).stdout.split("\n").sort
+  expected_files = %w{
+    .gitkeep
+    README.md
+    example.rb
+    inspec.yml
+  }
+
+  describe '`inspec habitat profile create`' do
+    it 'should create exactly 1 hart file' do
+      expect(hart_files.length).to eq(1)
+    end
+    it 'does not add any extra files to a default generated profile' do
+      expect(profile_files).to eq(expected_files)
+    end
+  end
+end
+
+control 'inspec-habitat-service' do
+  title 'inspec-profile-hab_test_profile service'
+  describe 'The running service' do
+    it 'should create a log file' do
+      log = '/hab/svc/inspec-profile-hab_test_profile/logs/inspec_log.txt'
+      expect(file(log).exist?).to be(true)
+    end
+    it 'should create a JSON file for the last run' do
+      log = '/hab/svc/inspec-profile-hab_test_profile/logs/inspec_last_run.json'
+      JSON.parse(file(log).content)
+    end
+  end
+end

data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/inspec.yml

@@ -0,0 +1,10 @@
+name: inspec_habitat
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+supports:
+  platform: os

data/lib/plugins/inspec-habitat/test/support/example_profile/README.md

@@ -0,0 +1,3 @@
+# Example InSpec Profile
+
+This profile is used for unit testing the `inspec-habitat` profile

data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb

@@ -0,0 +1,7 @@
+control 'example' do
+  impact 0.7
+  title 'Example control'
+  describe 'example' do
+    it { should cmp 'example' }
+  end
+end

data/lib/plugins/inspec-habitat/test/support/example_profile/inspec.yml

@@ -0,0 +1,10 @@
+name: example_profile
+title: InSpec Profile
+maintainer: The Authors
+copyright: The Authors
+copyright_email: you@example.com
+license: Apache-2.0
+summary: An InSpec Compliance Profile
+version: 0.1.0
+supports:
+  platform: os

data/lib/plugins/inspec-habitat/test/unit/profile_test.rb

@@ -1,184 +1,240 @@
 require 'mixlib/log'
-require 'ostruct'
+require 'fileutils'
 require 'minitest/autorun'
-require 'mocha/setup'
 require_relative '../../lib/inspec-habitat/profile.rb'
 
-describe InspecPlugins::Habitat::Profile do
-  let(:profile) do
-    OpenStruct.new(
-      name:    'my_profile',
-      version: '1.2.3',
-      files:   %w(file1 file2)
+class InspecPlugins::Habitat::ProfileTest < MiniTest::Unit::TestCase
+  def setup
+    @tmpdir = Dir.mktmpdir
+
+    @output_dir = File.join(@tmpdir, 'output')
+    FileUtils.mkdir(@output_dir)
+
+    @fake_hart_file = FileUtils.touch(File.join(@tmpdir, 'fake-hart.hart'))[0]
+
+    # Path from `__FILE__` needed to support running tests in `inspec/inspec`
+    @test_profile_path = File.join(
+      File.expand_path(File.dirname(__FILE__)),
+      '../',
+      'support',
+      'example_profile'
+    )
+    @test_profile = Inspec::Profile.for_target(
+      @test_profile_path,
+      backend: Inspec::Backend.create(Inspec::Config.mock),
     )
-  end
 
-  let(:subject) { InspecPlugins::Habitat::Profile.new('/path/to/profile', { 'log_level' => 'fatal' }) }
+    @hab_profile = InspecPlugins::Habitat::Profile.new(
+      @test_profile_path,
+      { output_dir: @output_dir },
+    )
+
+    @mock_hab_config = {
+      'auth_token' => 'FAKETOKEN',
+      'origin' => 'fake_origin',
+    }
 
-  before do
     Inspec::Log.level(:fatal)
   end
 
-  describe '#verify_profile' do
-    it 'exits if the profile is not valid' do
-      profile = mock
-      profile.stubs(:check).returns(summary: { valid: false })
-      subject.expects(:profile).returns(profile)
-      proc { subject.send(:verify_profile) }.must_raise SystemExit
-    end
-
-    it 'does not exist if the profile is valid' do
-      profile = mock
-      profile.stubs(:check).returns(summary: { valid: true })
-      subject.expects(:profile).returns(profile)
-      subject.send(:verify_profile)
-    end
+  def after_run
+    FileUtils.remove_entry_secure(@tmpdir)
   end
 
-  describe '#vendor_profile_dependencies' do
-    let(:profile_vendor) do
-      profile_vendor = mock
-      profile_vendor.stubs(:lockfile).returns(lockfile)
-      profile_vendor.stubs(:cache_path).returns(cache_path)
-      profile_vendor
-    end
-    let(:lockfile) { mock }
-    let(:cache_path) { mock }
+  def test_create_raises_if_output_dir_does_not_exist
+    profile = InspecPlugins::Habitat::Profile.new(
+      @test_profile_path,
+      {
+        output_dir: '/not/a/real/path',
+        log_level: 'fatal',
+      },
+    )
 
-    before do
-      Inspec::ProfileVendor.expects(:new).returns(profile_vendor)
-    end
+    assert_raises(SystemExit) { profile.create }
+    # TODO: Figure out how to capture and validate `Inspec::Log.error`
+  end
 
-    describe 'when lockfile exists and cache dir exists' do
-      it 'does not vendor the dependencies' do
-        lockfile.expects(:exist?).returns(true)
-        cache_path.expects(:exist?).returns(true)
-        profile_vendor.expects(:vendor!).never
-        profile_vendor.expects(:make_readable).never
-        subject.send(:vendor_profile_dependencies)
+  def test_create
+    file_count = Dir.glob(File.join(@test_profile_path, '**/*')).count
+
+    @hab_profile.stub :read_habitat_config, @mock_hab_config do
+      @hab_profile.stub :verify_habitat_setup, nil do
+        @hab_profile.stub :build_hart, @fake_hart_file do
+          @hab_profile.create
+        end
       end
     end
 
-    describe 'when the lockfile exists but the cache dir does not' do
-      it 'vendors the dependencies and refreshes the profile object' do
-        lockfile.expects(:exist?).returns(true)
-        cache_path.expects(:exist?).returns(false)
-        profile_vendor.expects(:vendor!)
-        profile_vendor.expects(:make_readable)
-        subject.expects(:create_profile_object)
+    # It should not modify target profile
+    new_file_count = Dir.glob(File.join(@test_profile_path, '**/*')).count
+    assert_equal new_file_count, file_count
 
-        subject.send(:vendor_profile_dependencies)
-      end
+    # It should create 1 Habitat artifact
+    output_files = Dir.glob(File.join(@output_dir, '**/*'))
+    assert_equal 1, output_files.count
+    assert_equal 'fake-hart.hart', File.basename(output_files.first)
+  end
+
+  def test_create_rasies_if_habitat_is_not_installed
+    cmd = MiniTest::Mock.new
+    cmd.expect(:error?, true)
+    cmd.expect(:run_command, nil)
+
+    Mixlib::ShellOut.stub :new, cmd, 'hab --version' do
+      assert_raises(SystemExit) { @hab_profile.create }
+      # TODO: Figure out how to capture and validate `Inspec::Log.error`
     end
 
-    describe 'when the lockfile does not exist' do
-      it 'vendors the dependencies and refreshes the profile object' do
-        lockfile.expects(:exist?).returns(false)
-        profile_vendor.expects(:vendor!)
-        profile_vendor.expects(:make_readable)
-        subject.expects(:create_profile_object)
+    cmd.verify
+  end
 
-        subject.send(:vendor_profile_dependencies)
+  def test_upload
+    @hab_profile.stub :read_habitat_config, @mock_hab_config do
+      @hab_profile.stub :create, @fake_hart_file do
+        @hab_profile.stub :upload_hart, nil do
+          @hab_profile.upload
+          # TODO: Figure out how to capture and validate `Inspec::Log.error`
+        end
       end
     end
   end
 
-  describe '#validate_habitat_installed' do
-    it 'exits if hab --version fails' do
-      cmd = mock
-      cmd.stubs(:error?).returns(true)
-      cmd.stubs(:run_command)
-      cmd.stubs(:stdout)
-      cmd.stubs(:stderr)
-      Mixlib::ShellOut.expects(:new).with('hab --version').returns(cmd)
-      proc { subject.send(:validate_habitat_installed) }.must_raise SystemExit
+  def test_upload_raises_if_no_habitat_auth_token_is_found
+    @hab_profile.stub :read_habitat_config, {} do
+      assert_raises(SystemExit) { @hab_profile.upload }
+      # TODO: Figure out how to capture and validate `Inspec::Log.error`
     end
   end
 
-  describe '#validate_habitat_origin' do
-    it 'does not exit if the origin key exists' do
-      subject.expects(:habitat_origin).returns('12345')
-      subject.send(:validate_habitat_origin)
+  def test_create_working_dir
+    Dir.stub :mktmpdir, '/tmp/fakedir' do
+      assert_equal '/tmp/fakedir', @hab_profile.send(:create_working_dir)
     end
+  end
 
-    it 'exits if no origin key exists' do
-      subject.expects(:habitat_origin).returns(nil)
-      proc { subject.send(:validate_habitat_origin) }.must_raise SystemExit
-    end
+  def test_duplicate_profile
+    current_profile = @test_profile
+    duplicated_profile = @hab_profile.send(:duplicate_profile,
+                                           @test_profile_path,
+                                           @tmpdir)
+    assert duplicated_profile.is_a?(Inspec::Profile)
+    assert duplicated_profile.sha256 == current_profile.sha256.to_s
+    refute_same duplicated_profile.root_path, current_profile.root_path
   end
 
-  describe '#validate_habitat_auth_token' do
-    it 'does not exit if the auth_token exists' do
-      subject.expects(:habitat_auth_token).returns('12345')
-      subject.send(:validate_habitat_auth_token)
-    end
+  def test_profile_from_path
+    profile = @hab_profile.send(:profile_from_path, @test_profile_path)
+    assert profile.is_a?(Inspec::Profile)
+  end
 
-    it 'exits if no auth_token exists' do
-      subject.expects(:habitat_auth_token).returns(nil)
-      proc { subject.send(:validate_habitat_auth_token) }.must_raise SystemExit
-    end
+  def test_copy_profile_to_working_dir
+    duplicated_profile = @hab_profile.send(:duplicate_profile,
+                                           @test_profile_path,
+                                           @tmpdir)
+
+    dst = File.join(@tmpdir, 'working_dir')
+    FileUtils.mkdir_p(dst)
+    @hab_profile.send(:copy_profile_to_working_dir, duplicated_profile, dst)
+
+    expected_files = %w{
+      README.md
+      inspec.yml
+      example.rb
+    }
+
+    actual_files = Dir.glob(File.join(dst, '**/*')).map do |path|
+      next unless File.file?(path)
+      File.basename(path)
+    end.compact
+
+    assert(actual_files.sort == expected_files.sort)
   end
 
-  describe '#build_hart' do
-    before do
-      subject.expects(:work_dir).at_least_once.returns(Dir.tmpdir)
-    end
+  def test_verify_profile_raises_if_profile_is_not_valid
+    bad_profile_path = File.join(@tmpdir, 'bad_profile')
+    FileUtils.mkdir_p(File.join(bad_profile_path))
+    FileUtils.touch(File.join(bad_profile_path, 'inspec.yml'))
+    bad_profile = Inspec::Profile.for_target(
+      bad_profile_path,
+      backend: Inspec::Backend.create(Inspec::Config.mock),
+    )
+    assert_raises(SystemExit) { @hab_profile.send(:verify_profile, bad_profile) }
+    # TODO: Figure out how to capture and validate `Inspec::Log.error`
+  end
 
-    it 'exits if the build fails' do
-      subject.expects(:system).returns(false)
-      proc { subject.send(:build_hart) }.must_raise SystemExit
-    end
+  def test_vendor_profile_dependencies_does_not_vendor_if_already_vendored
+    mock_lock_file = MiniTest::Mock.new
+    mock_lock_file.expect(:exist?, true)
+    mock_cache_path = MiniTest::Mock.new
+    mock_cache_path.expect(:exist?, true)
 
-    it 'exits if more than one hart is created' do
-      subject.expects(:system).returns(true)
-      Dir.expects(:glob).returns(%w(hart1 hart2))
-      proc { subject.send(:build_hart) }.must_raise SystemExit
-    end
+    mock = MiniTest::Mock.new
+    mock.expect(:lockfile, mock_lock_file)
+    mock.expect(:cache_path, mock_cache_path)
 
-    it 'exits if more than no hart is created' do
-      subject.expects(:system).returns(true)
-      Dir.expects(:glob).returns([])
-      proc { subject.send(:build_hart) }.must_raise SystemExit
+    Inspec::ProfileVendor.stub :new, mock do
+      new_profile = @hab_profile.send(:vendor_profile_dependencies!,
+                                      @test_profile)
+      assert new_profile.is_a?(Inspec::Profile)
     end
+  end
+
+  def test_vendor_profile_dependencies
+    mock_lock_file = MiniTest::Mock.new
+    mock_lock_file.expect(:exist?, false)
+
+    mock = MiniTest::Mock.new
+    mock.expect(:lockfile, mock_lock_file)
+    mock.expect(:vendor!, nil)
+    mock.expect(:make_readable, nil)
 
-    it 'returns the hart filename' do
-      subject.expects(:system).returns(true)
-      Dir.expects(:glob).returns(%w(hart1))
-      subject.send(:build_hart).must_equal('hart1')
+    Inspec::ProfileVendor.stub :new, mock do
+      new_profile = @hab_profile.send(:vendor_profile_dependencies!,
+                                      @test_profile)
+      assert new_profile.is_a?(Inspec::Profile)
     end
+    mock.verify
   end
 
-  describe '#upload_hart' do
-    it 'exits if the upload failed' do
-      env = {
-        'TERM'               => 'vt100',
-        'HAB_AUTH_TOKEN'     => 'my_token',
-        'HAB_NONINTERACTIVE' => 'true',
-      }
+  def test_verify_habitat_setup_raises_if_hab_version_errors
+    mock = MiniTest::Mock.new
+    mock.expect(:run_command, nil)
+    mock.expect(:error?, true)
+    mock.expect(:stderr, 'This would be an error message')
 
-      cmd = mock
-      cmd.stubs(:run_command)
-      cmd.stubs(:error?).returns(true)
-      cmd.stubs(:stdout)
-      cmd.stubs(:stderr)
-
-      subject.expects(:habitat_auth_token).returns('my_token')
-      Mixlib::ShellOut.expects(:new).with("hab pkg upload my_hart", env: env).returns(cmd)
-      proc { subject.send(:upload_hart, 'my_hart') }.must_raise SystemExit
+    Mixlib::ShellOut.stub(:new, mock) do
+      assert_raises(SystemExit) { @hab_profile.send(:verify_habitat_setup, {}) }
+      # TODO: Figure out how to capture and validate `Inspec::Log.error`
     end
+    mock.verify
   end
 
-  describe '#habitat_cli_config' do
-    it 'returns an empty hash if the CLI config does not exist' do
-      File.expects(:exist?).with(File.join(ENV['HOME'], '.hab', 'etc', 'cli.toml')).returns(false)
-      subject.send(:habitat_cli_config).must_equal({})
+  def test_verify_habitat_setup_raises_if_not_habitat_origin
+    mock = MiniTest::Mock.new
+    mock.expect(:run_command, nil)
+    mock.expect(:error?, false)
+
+    Mixlib::ShellOut.stub(:new, mock) do
+      assert_raises(SystemExit) { @hab_profile.send(:verify_habitat_setup, {}) }
+      # TODO: Figure out how to capture and validate `Inspec::Log.error`
     end
+    mock.verify
+  end
+
+  # TODO: Figure out how to stub system()
+  # def test_build_hart
+  # end
+
+  def test_upload_hart_raises_if_hab_pkg_upload_fails
+    mock = MiniTest::Mock.new
+    mock.expect(:run_command, nil)
+    mock.expect(:error?, true)
+    mock.expect(:stdout, 'This would contain output from `hab`')
+    mock.expect(:stderr, 'This would be an error message')
 
-    it 'returns parsed TOML from the hab config file' do
-      config_file = File.join(ENV['HOME'], '.hab', 'etc', 'cli.toml')
-      File.expects(:exist?).with(config_file).returns(true)
-      Tomlrb.expects(:load_file).with(config_file).returns(foo: 1)
-      subject.send(:habitat_cli_config).must_equal(foo: 1)
+    Mixlib::ShellOut.stub(:new, mock) do
+      assert_raises(SystemExit) { @hab_profile.send(:upload_hart, @fake_hart_file, {}) }
+      # TODO: Figure out how to capture and validate `Inspec::Log.error`
     end
   end
 end